Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: not sure what to do  (Read 8273 times)

0 Members and 1 Guest are viewing this topic.

azreon

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    not sure what to do
    « on: June 26, 2014, 11:29:04 PM »
    i just ran malwarebytes for the first time in a while i found that i had 115 pieces of malware i restated my computer and ran it again and got that number down to around 96 most of the malware has to do with utorrent and has the word PUP.optional attached. a lot of these things say key and im not sure if i should delete them what should i do?

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1206
    • Experience: Guru
    • OS: Windows 10
    Re: not sure what to do
    « Reply #1 on: June 27, 2014, 05:38:19 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    azreon

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows 7
      Re: not sure what to do
      « Reply #2 on: June 27, 2014, 09:30:26 AM »
      # AdwCleaner v3.213 - Report created 27/06/2014 at 11:41:44
      # Updated 23/06/2014 by Xplode
      # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
      # Username : Dylan - DYLAN-PC
      # Running from : C:\Users\Dylan\Downloads\adwcleaner_3.213.exe
      # Option : Scan

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      Folder Found : C:\Program Files\SupraSavings

      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****


      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17126


      -\\ Mozilla Firefox v

      [ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


      [ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\dyx0or67.default\prefs.js ]


      -\\ Google Chrome v35.0.1916.153

      [ File : C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN23135998505721270&UM=2

      *************************

      AdwCleaner[R0].txt - [15132 octets] - [27/06/2014 03:19:10]
      AdwCleaner[R1].txt - [1728 octets] - [27/06/2014 04:08:36]
      AdwCleaner[R2].txt - [1207 octets] - [27/06/2014 04:15:18]
      AdwCleaner[R3].txt - [1374 octets] - [27/06/2014 04:23:28]
      AdwCleaner[R4].txt - [1494 octets] - [27/06/2014 04:34:02]
      AdwCleaner[R5].txt - [1619 octets] - [27/06/2014 04:56:57]
      AdwCleaner[R6].txt - [1350 octets] - [27/06/2014 11:41:44]
      AdwCleaner[S0].txt - [14402 octets] - [27/06/2014 03:23:30]
      AdwCleaner[S1].txt - [1799 octets] - [27/06/2014 04:11:04]
      AdwCleaner[S2].txt - [1269 octets] - [27/06/2014 04:18:22]
      AdwCleaner[S3].txt - [1389 octets] - [27/06/2014 04:27:46]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1651 octets] ##########
      « Last Edit: June 27, 2014, 09:45:53 AM by azreon »

      azreon

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows 7
        Re: not sure what to do
        « Reply #3 on: June 27, 2014, 10:35:58 AM »
        Malwarebytes Anti-Malware
        www.malwarebytes.org

        Scan Date: 6/27/2014
        Scan Time: 11:59:14 AM
        Logfile: d.txt
        Administrator: Yes

        Version: 2.00.2.1012
        Malware Database: v2014.06.27.06
        Rootkit Database: v2014.06.23.02
        License: Free
        Malware Protection: Disabled
        Malicious Website Protection: Disabled
        Self-protection: Disabled

        OS: Windows 7 Service Pack 1
        CPU: x86
        File System: NTFS
        User: Dylan

        Scan Type: Threat Scan
        Result: Completed
        Objects Scanned: 268174
        Time Elapsed: 30 min, 42 sec

        Memory: Enabled
        Startup: Enabled
        Filesystem: Enabled
        Archives: Enabled
        Rootkits: Disabled
        Heuristics: Enabled
        PUP: Warn
        PUM: Enabled

        Processes: 0
        (No malicious items detected)

        Modules: 0
        (No malicious items detected)

        Registry Keys: 6
        PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [c4ae8fee304b3ff78d332b9355ad01ff],
        PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, , [a3cfabd2047776c0959a3a87cc366799],
        PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [90e23647007bda5c2bc1bc0e22e02ed2],
        PUP.Optional.SaveValet.A, HKU\S-1-5-21-1801047075-3491768157-2206311776-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mffdcionknddopdmdnloanoafafkmckb, , [d49e1667fe7d003637adc6e8649e30d0],
        PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1801047075-3491768157-2206311776-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [a9c9d3aa80fbe650902f95293fc346ba],
        PUP.Optional.SaveAs.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SaveAs, , [a6cce8950f6c57dfd0b86d26976bb44c],

        Registry Values: 0
        (No malicious items detected)

        Registry Data: 0
        (No malicious items detected)

        Folders: 4
        PUP.Optional.AdPeak.A, C:\temp, , [581ad3aa2556df57cdd061509d6512ee],
        PUP.Optional.SaveAs.A, C:\ProgramData\InstallMate\SaveAs, , [a6cce8950f6c57dfd0b86d26976bb44c],
        PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings, , [244ebcc155261b1bf221d4c727db7987],
        PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings\SSL, , [244ebcc155261b1bf221d4c727db7987],

        Files: 10
        PUP.Adware.Agent, C:\Users\Dylan\Downloads\The_Tick_Complete_Animated_Series_(DivX) (1).exe, , [1f53c5b894e711252d238e30ec14fe02],
        PUP.Adware.Agent, C:\Users\Dylan\Downloads\The_Tick_Complete_Animated_Series_(DivX).exe, , [7ef47a03e3980d2966eaa21c9b656a96],
        PUP.Optional.Installrex, C:\Users\Dylan\Downloads\Larfleeze 001 (2013) (Digital) (Nahga-Empire).cbr.exe, , [ee84c1bc0c6f2c0ae1e34ec79e6330d0],
        PUP.Optional.Installex, C:\Users\Dylan\Downloads\DownloadSetup.exe, , [d89a80fd96e5d85ebc1d7e8ccc352fd1],
        PUP.Optional.AdPeak.A, C:\temp\lsp2.log, , [581ad3aa2556df57cdd061509d6512ee],
        PUP.Optional.AdPeak.A, C:\temp\t.txt, , [581ad3aa2556df57cdd061509d6512ee],
        PUP.Optional.CrossRider.A, C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmkdohofefokfmbnlbgebdapndacfklg_0.localstorage, , [383a85f848332f07a1e8877dd430fc04],
        PUP.Optional.SaveAs.A, C:\ProgramData\InstallMate\SaveAs\Setup.dat, , [a6cce8950f6c57dfd0b86d26976bb44c],
        PUP.Optional.SaveAs.A, C:\ProgramData\InstallMate\SaveAs\Setup.exe, , [a6cce8950f6c57dfd0b86d26976bb44c],
        PUP.Optional.Conduit.A, C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "", "http://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN23135998505721270&UM=2", "http://mysearch.avg.com/?cid={9C1C410E-DB56-4CA4-BB10-CC89E7B00F5D}&mid=2e104f9c7cfc47d1a5f76939b22a10e2-f0cc3cbeccb2c87ec7d1ff801934be3357272453&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09%2012:06:24&v=17.0.1.4&pid=safeguard&sg=&sap=hp&cmpid=0913a" ],), ,[6f035c21e69570c6eaae8236d62e3fc1]

        Physical Sectors: 0
        (No malicious items detected)


        (end)

        azreon

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows 7
          Re: not sure what to do
          « Reply #4 on: June 27, 2014, 10:44:11 AM »
           Results of screen317's Security Check version 0.99.85 
           Windows 7 Service Pack 1 x86 (UAC is enabled) 
           Internet Explorer 11 
          ``````````````Antivirus/Firewall Check:``````````````[/u]
           Windows Firewall Enabled! 
          AVG Anti-Virus Free Edition 2012   
           Antivirus up to date!   
          `````````Anti-malware/Other Utilities Check:`````````[/u]
           CCleaner     
           JavaFX 2.1.1   
           Java 7 Update 51 
           Java version out of Date!
            Adobe Flash Player    13.0.0.214 Flash Player out of Date! 
           Adobe Reader 10.1.10 Adobe Reader out of Date! 
           Google Chrome 35.0.1916.114 
           Google Chrome 35.0.1916.153 
          ````````Process Check: objlist.exe by Laurent````````[/u] 
           AVG avgwdsvc.exe
           AVG avgtray.exe
           AVG avgrsx.exe
           AVG avgnsx.exe
           AVG avgemc.exe
          `````````````````System Health check`````````````````[/u]
           Total Fragmentation on Drive C: 1%
          ````````````````````End of Log``````````````````````[/u]

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 991
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: not sure what to do
          « Reply #5 on: June 27, 2014, 01:30:56 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          Remove the Adware:
          • Please close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Delete.
          • Confirm each time with OK
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
          **************************************************
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
          ***********************************************
          Please download Junkware Removal Tool to your desktop.

          Warning! Once the scan is complete JRT will shut down your browser with NO warning.

          Shut down your protection software now to avoid potential conflicts.

          •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

          •The tool will open and start scanning your system.

          •Please be patient as this can take a while to complete depending on your system's specifications.

          •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

          •Copy and Paste the JRT.txt log into your next message.
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          azreon

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Windows 7
            Re: not sure what to do
            « Reply #6 on: June 27, 2014, 07:20:49 PM »
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Junkware Removal Tool (JRT) by Thisisu
            Version: 6.1.4 (04.06.2014:1)
            OS: Windows 7 Starter x86
            Ran by Dylan on Fri 06/27/2014 at 21:10:28.48
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




            ~~~ Services



            ~~~ Registry Values



            ~~~ Registry Keys

            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
            Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391106}
            Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311391106}
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041198}
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
            Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{75387602-7F86-45C2-9660-6275A46EB7DF}
            Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C4667E3E-A30C-496C-A785-C469674F51FB}



            ~~~ Files

            Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



            ~~~ Folders

            Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
            Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
            Successfully deleted: [Folder] "C:\Users\Dylan\Local Settings\Application Data\best buy pc app"
            Successfully deleted: [Folder] "C:\Users\Dylan\Local Settings\Application Data\cre"
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{00A38A0F-D6D0-4A37-901C-C75C68A567EC}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{0D13E397-F4B9-4A16-8B7F-57BA388CB97B}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{2D1CEF80-596A-4381-A856-542120EB11B8}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{31E8E4E6-C1C9-4A53-ABE9-04AB812DB9A1}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{34061E26-95BC-402E-9F7B-30A818E93676}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{3F0953F4-67DB-4204-AE5B-D73C5ED0BBA7}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{44A9CA60-2D35-4AC2-8397-6F9E8DC55EA8}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{4608B5CA-A95D-4FA5-AD2C-B9C20B48346B}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{469DBF76-7393-4B03-8AB7-F75EA5772B1F}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{61411EDA-5302-4509-8DBC-19251643C384}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{6258425A-9EA7-4FB6-A371-4C29407B844C}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{626B7120-2980-44CE-829C-80C09CA65BB6}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{692D90EA-3795-43C9-BE5E-685DD97A50B1}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{695EF3BF-F536-4053-8FCE-02E43F5FCBE2}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{6A83F9E8-ADA9-4E17-A2FE-1D71B32B3DD8}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{87237F9C-6095-4D05-88DD-E598C64C8755}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{875CF13F-4FCF-4288-A38C-A5164D4CDA22}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{8AAA313C-CFF9-40BF-9360-50D4DB632810}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{8B0364AD-C3EF-4C5E-8E70-016A230B5AD6}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{9A31DDCB-6881-404F-9C94-B3FEAC2565E4}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{B13E59B1-BC67-4A73-9D50-DE9B8B3BF81F}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{C8B5F00B-2543-402F-BD5D-C41899B669F5}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{CBF85A80-E005-439F-8CB1-132AEECBB309}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{DB78FA41-D0E0-43D3-9FE7-91322F03A3AE}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{DC60A96F-E2EA-41E3-83EF-F02B111FE511}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{E294E3FA-537B-4CD9-9954-4C7DC36F2F21}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{E76358CD-0E28-46C6-AF60-91F5231015D5}
            Successfully deleted: [Empty Folder] C:\Users\Dylan\appdata\local\{EE1F7FFB-4604-4B72-9DC2-BD46946367FB}



            ~~~ Event Viewer Logs were cleared





            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Scan was completed on Fri 06/27/2014 at 21:18:56.86
            End of JRT log
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

            azreon

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Windows 7
              Re: not sure what to do
              « Reply #7 on: June 27, 2014, 07:37:16 PM »
              # AdwCleaner v3.213 - Report created 27/06/2014 at 21:33:29
              # Updated 23/06/2014 by Xplode
              # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
              # Username : Dylan - DYLAN-PC
              # Running from : C:\Users\Dylan\Downloads\AdwCleaner.exe
              # Option : Clean

              ***** [ Services ] *****


              ***** [ Files / Folders ] *****

              Folder Deleted : C:\Program Files\SupraSavings

              ***** [ Shortcuts ] *****


              ***** [ Registry ] *****


              ***** [ Browsers ] *****

              -\\ Internet Explorer v11.0.9600.17126


              -\\ Mozilla Firefox v

              [ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


              [ File : C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\dyx0or67.default\prefs.js ]


              -\\ Google Chrome v35.0.1916.153

              [ File : C:\Users\Dylan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

              Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MC5A4D29E-6706-4E6A-B98F-F4D7948335C0&SearchSource=58&CUI=&UM=5&UP=SP83872C2B-D106-4F84-A35D-0CCCF1195F55&q={searchTerms}&SSPV=
              Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23135998505721270&ctid=CT3287810&UM=2
              Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
              Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
              Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN23135998505721270&UM=2

              *************************

              AdwCleaner[R0].txt - [15132 octets] - [27/06/2014 03:19:10]
              AdwCleaner[R1].txt - [1728 octets] - [27/06/2014 04:08:36]
              AdwCleaner[R2].txt - [1207 octets] - [27/06/2014 04:15:18]
              AdwCleaner[R3].txt - [1374 octets] - [27/06/2014 04:23:28]
              AdwCleaner[R4].txt - [1494 octets] - [27/06/2014 04:34:02]
              AdwCleaner[R5].txt - [1619 octets] - [27/06/2014 04:56:57]
              AdwCleaner[R6].txt - [1731 octets] - [27/06/2014 11:41:44]
              AdwCleaner[R7].txt - [1845 octets] - [27/06/2014 21:30:25]
              AdwCleaner[S0].txt - [14402 octets] - [27/06/2014 03:23:30]
              AdwCleaner[S1].txt - [1799 octets] - [27/06/2014 04:11:04]
              AdwCleaner[S2].txt - [1269 octets] - [27/06/2014 04:18:22]
              AdwCleaner[S3].txt - [1389 octets] - [27/06/2014 04:27:46]
              AdwCleaner[S4].txt - [2333 octets] - [27/06/2014 11:47:05]
              AdwCleaner[S5].txt - [2307 octets] - [27/06/2014 21:33:29]

              ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2367 octets] ##########

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 991
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: not sure what to do
              « Reply #8 on: June 28, 2014, 01:14:06 PM »
              Malwarebytes' Anti-Rootkit

              Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
              • Be sure to print out and follow the instructions provided on that same page for performing a scan.
              • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
              • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
              • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
              • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
              • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
              • Copy and paste the contents of these two log files in your next reply.
              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              azreon

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Windows 7
                Re: not sure what to do
                « Reply #9 on: June 28, 2014, 11:08:42 PM »
                it said no malware found

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 991
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: not sure what to do
                « Reply #10 on: June 29, 2014, 01:07:01 PM »
                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan

                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                • Leave the check mark next to Remove found threats.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                azreon

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Windows 7
                  Re: not sure what to do
                  « Reply #11 on: June 30, 2014, 12:29:17 AM »
                  C:\AdwCleaner\Quarantine\C\Program Files\SaveAs\uninstall.exe.vir   a variant of Win32/SProtector.B potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\ldrtbuTor.dll.vir   a variant of Win32/Toolbar.Conduit.P potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\prxtbuTor.dll.vir   Win32/Toolbar.Conduit.O potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\tbuTor.dll.vir   a variant of Win32/Toolbar.Conduit.B potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe.vir   Win32/Toolbar.Conduit.Q potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run1B46.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run3038.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run351.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run4F4C.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run4F8.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run5581.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run60F7.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run696B.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run7CB0.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run80CE.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run8222.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\run8D01.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runAB37.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runACA2.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runB6E6.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runD038.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runD382.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runDBEA.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\runF673.tmp.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\ProgramData\Premium\SaveAs\SaveAs.exe.vir   Win32/GenUpdater potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Users\Dylan\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll.vir   a variant of Win32/Toolbar.Conduit.P potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\Users\Dylan\AppData\LocalLow\uTorrentControl2\tbuTor.dll.vir   a variant of Win32/Toolbar.Conduit.B potentially unwanted application   deleted - quarantined
                  C:\AdwCleaner\Quarantine\C\windows\BuzzSocialPointsChecker\BuzzSocialPoints_lidns.exe.vir   Win32/Toolbar.Besttoolbars.A potentially unwanted application   deleted - quarantined
                  C:\Users\Dylan\Downloads\DownloadSetup.exe   Win32/InstalleRex.J potentially unwanted application   deleted - quarantined
                  C:\Users\Dylan\Downloads\Setup_ODM (1).exe   a variant of Win32/Packed.VMDetector.G potentially unwanted application   deleted - quarantined
                  C:\Users\Dylan\Downloads\Setup_ODM.exe   Win32/AdWare.GorillaPrice.E application   cleaned by deleting - quarantined

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 991
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 8
                  Re: not sure what to do
                  « Reply #12 on: June 30, 2014, 01:05:11 PM »
                  That looks great. Any other issues before we clean up?
                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                  azreon

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Windows 7
                    Re: not sure what to do
                    « Reply #13 on: June 30, 2014, 03:09:53 PM »
                    not that i know of

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 991
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: not sure what to do
                    « Reply #14 on: July 01, 2014, 12:18:24 PM »
                    Good, let's clean up.

                    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
                    This is a very crucial step so make sure you don't skip it.
                    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

                    Double-click Delfix.exe to start the tool.
                    Make sure the following items are checked:
                    • Activate UAC (optional; some users prefer to keep it off)
                    • Remove disinfection tools
                    • Create Registry backup
                    • Purge System Restore Points
                    • Re-set system settings
                    Now click "Run" and wait patiently.
                    Once finished a logfile will be created. You don't have to attach it to your next reply.
                    ***************************************************
                    Click Start> Computer> right click the C Drive and choose Properties> enter
                    Click Disk Cleanup from there.



                    Click OK on the Disk Cleanup Screen.
                    Click Yes on the Confirmation screen.



                    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                    **********************************************
                    Go to Microsoft Windows Update and get all critical updates.

                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                    Safe Surfing!
                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender